A new project to expand and improve the ability of companies to rank and more effectively patch vulnerabilities threatening their systems will be a game changer, according to a RAND Corp. researcher and co-author of an open standard for scoring computer vulnerabilities, which the effort will build on. "Right now, we're using really simple strategies of severity," said Sasha Romanosky, a policy researcher at RAND who wrote the Common Vulnerability Scoring System standard and is collaborating with others at the...
